Card brands are enhancing identity checks and verification services as part of the EMV™ 3-D Secure 2 authentication protocol for e-commerce transactions. (EMV here refers to EMVCo, the standards organization, not to be confused with chip-based acquiring.)
Merchants integrated via Hosted Checkout (HCO) Payment Pages can use the new 3-D Secure version 2 solution. The feature and the migration steps are described below.
An important compliance notice about European PSD2 SCA payment authentication regulations: The second Payment Services Directive (PSD2) introduces new requirements for authenticating online payments. These requirements came into effect on 2020-12-31.
What is changing as part of PSD2 SCA?
SCA stands for Strong Customer Authentication. It is a key regulatory mandate included in PSD2 within the European Economic Area (EEA) that requires electronic payments initiated by the buyer to be authenticated by at least two independent factors.
The European Union (EU) passed the SCA mandate to ensure that electronic payments are carried out securely and to help reduce fraud. It came into force for all European countries effective 2020-12-31, apart from the UK, where the mandate takes effect on 2021-09-14.
EMV 3-D Secure, often referred to as 3-D Secure version 2, is the de facto standard to meet the SCA mandate. Implementing 3-D Secure version 2 will ensure that merchants do not experience disruptions.
(For API integration, please refer to https://support.payeezy.com/hc/en-us/articles/206601408, section "3DS version 2")
To upgrade to 3-D Secure version 2 via Hosted Checkout, merchants need to take the actions described below.
Please note: failure to migrate to 3-D Secure version 2 could result in some transactions being declined. Payeezy Gateway provides the integration to 3-D Secure version 2. However, it is the merchant's responsibility to check which version is needed for its compliance.
3-D Secure via Hosted Checkout is performed using the CardinalCommerce integration.
A merchant is responsible for the following steps:
- Registration with CardinalCommerce
- Providing the new processing credentials from CardinalCommerce to Payeezy Gateway (via RPM terminal "3-D Secure" tab).
- Registration with Mastercard for 3-D Secure version 2. The merchant’s current acquiring information (Acquiring BIN/MID) must be uploaded to the Mastercard 2.0 Directory Server, which can only be performed by the merchant’s acquirer. Therefore, the merchant will need to reach out to their acquirer.
- CardinalCommerce requires the merchant’s American Express SE Number and AIN (American Express Region) as well as the Discover Acquiring BIN and Acquiring MID. CardinalCommerce will load the merchant’s American Express and Discover information into the Directory Servers in addition to adding it to the merchant’s Cardinal account.
The existing 3-D Secure version 1 processing credentials from CardinalCommerce are not sufficient for 3-D Secure version 2 processing via Payeezy Gateway (PGW) Hosted Checkout (HCO). Some bank acquirers are not ready for 3DS v2. In this case, CardinalCommerce will fail over from 3DS v2 to 3DS v1.
Supported Card Brands
3-D Secure processing is available for the following card brands: Visa, Mastercard, American Express, and Discover. For 3-D Secure processing, the following card brands are processed under the Discover brand: Diners, JCB, Union Pay.
Under the “Terminal” menu, select "3-D Secure".
Merchants that previously used 3-D Secure version 1 will see that the credentials for 3-D Secure version 1 are populated. PGW maintains support for version 1 credentials only to provide a smooth transition to version 2, i.e., while the merchant waits for Mastercard to update the directory server.
Merchants that are new to 3-D Secure can ignore the left section of this screen. In this case, merchants are required to use 3-D Secure version 2 from day one.
To enable 3-D Secure version 2, click on the checkmark "Enable 3-D Secure version 2".
Enter the following credentials (provided by CardinalCommerce):
- Merchant ID
- Transaction Password
- API Identifier
- Organization Unit ID
- API Key
Select a Supported Card brand by clicking the checkmark beside it. Before selecting a card brand, please ensure that the card brand is ready for such processing (please refer to the above notes about card brand registration).
Make sure to click the "Update" button to save the changes.
Payment Page Settings
Merchants that were already using 3-D Secure version 1 do not need to make any changes to their payment page settings.
New merchants need to proceed to set their payment page settings. Refer to the article "Hosted Checkout Payment Pages Integration Manual", section "3-D Secure Settings".
Please note: the "Require Enrollment" checkbox is not relevant to 3-D Secure version 2.
A section called "3-D Secure Details" is added at the bottom of the transaction details screen (refer to screenshot below).
- Version: shows the version of the 3-D Secure protocol that was used.
- Directory Server Transaction ID: an ID returned by CardinalCommerce.
- Enrolled: a field returned by CardinalCommerce.
- Payer Authentication Result Status: a field returned by CardinalCommerce.
- Signature Verification: a field returned by CardinalCommerce.
Troubleshooting production issues with CardinalCommerce
Please provide the following information to Cardinal for troubleshooting:
- Transaction Amount
- Last four digits of the credit card
- Transaction date, time, and your terminal time zone.
Testing can be done on the DEMO environment.
3-D Secure version 2 test cards
Please note: each of the test cards below is tied to a specific test case. Further details can be found on the CardinalCommerce website: https://cardinaldocs.atlassian.net/wiki/spaces/CCen/pages/903577725/EMV+3DS+Test+Cases
Test Case: Successful Frictionless Authentication (Successful frictionless authentication representing the cardholder being authenticated by their Card Issuer)
Expected outcome: transaction processed as 3DS v2.
American Express: 340000000001007
Discover (Diners): 6011000000001002
Test Case: Failed Frictionless Authentication (Authentication Failed by Card Issuer without Challenge)
Expected behaviour: the payment page asks for another method of payment.
American Express: 340000000001015
Discover (Diners): 6011000000001010
Test Case: Successful Step Up Authentication (Successful traditional Step Up (Challenge) authentication transaction)
American Express: 340000000001098
Discover (Diners): 6011000000001093
Test Case: Failed Step Up Authentication (Traditional Step Up (Challenge) authentication transaction with failed cardholder challenge)
Expected behaviour: the payment page asks for another method of payment.
American Express: 340000000001106
Discover (Diners): 6011000000001101